What Do You Do When You Can't Patch Your IoT Endpoints?
The answer, in a word, is segmentation. But the inconvenient truth is that segmentation is hard.
October 29, 2019
Question: What do you do when you can't patch your IoT endpoints?
Dr. Mike Lloyd, CTO of RedSeal: Internet of Things devices are great because they aren't as complicated as phones, laptops, or servers. General-purpose computers cause headaches. Unfortunately for security, IoT devices are also a curse for the same reason – precisely because they aren't flexible. The security toolchain and ecosystem we've built up assumes we can put stuff on network endpoints, but IoT "things" are different. Agents? Scanning? Patching? Antivirus? None of that works in the new world of IoT widgets. Worse, many of these devices are built en masse by companies focused on price point, with no intention of supporting patching.
The answer, in a word, is segmentation. You have to treat these fragile endpoints like the boy in the bubble: They have a compromised immune system, so isolate them from the digital germs being cooked up continually around the Internet.
Do your smart lightbulbs really need open access to your databases? Probably not. Industrial networks know this; they were traditionally air-gapped (although that has broken down over time). Segmentation is easy in principle – just separate the network you use for X from the one you use for Y. The reason to do so is clear: You want to limit the blast radius. But the inconvenient truth is that segmentation is hard. Defenders have to map out their zones and ensure the as-built matches the as-designed. This requires diligence, but it's a great job for automation. Software can be taught to find any defensive gaps.
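The as-built versus as-designed comparison described above can be sketched in a few lines. This is an added example, not code from the article or from RedSeal; the zone names, address ranges, ports and the permit-only, default-deny rule export are all constructed assumptions.

```python
from ipaddress import ip_network

# As-designed: zones and the only flows allowed between them (constructed sample).
ZONES = {
    "iot": ip_network("10.20.0.0/24"),
    "iot_mgmt": ip_network("10.30.0.0/28"),
    "database": ip_network("10.40.0.0/24"),
    "office": ip_network("10.50.0.0/23"),
}
DESIGNED = {
    ("iot", "iot_mgmt", 8883),   # devices talk only to their controller
    ("office", "database", 5432),
    ("office", "iot_mgmt", 443),
}

# As-built: permit rules exported from a device, default deny (constructed sample).
AS_BUILT = [
    ("10.20.0.0/24", "10.30.0.0/28", 8883),
    ("10.50.0.0/23", "10.40.0.0/24", 5432),
    ("10.0.0.0/8", "10.40.0.0/24", 5432),  # over-broad rule, e.g. left from a migration
]

def zones_touching(cidr):
    """Return every designed zone that a rule's address range overlaps."""
    net = ip_network(cidr)
    return [name for name, zone in ZONES.items() if net.overlaps(zone)]

def built_flows(rules):
    """Expand each permit rule into the zone-to-zone flows it actually opens."""
    flows = {}
    for src, dst, port in rules:
        for s in zones_touching(src):
            for d in zones_touching(dst):
                if s != d:
                    flows.setdefault((s, d, port), []).append((src, dst, port))
    return flows

def find_gaps(rules=AS_BUILT, designed=DESIGNED):
    """Return (flows open but never designed, designed flows no rule implements)."""
    flows = built_flows(rules)
    unintended = {f: r for f, r in flows.items() if f not in designed}
    missing = sorted(designed - set(flows))
    return unintended, missing

if __name__ == "__main__":
    unintended, missing = find_gaps()
    for flow, rules in sorted(unintended.items()):
        print("UNINTENDED", flow, "opened by", rules)
    for flow in missing:
        print("NOT IMPLEMENTED", flow)
```

On the sample data the over-broad `10.0.0.0/8` rule is reported as opening the IoT zone to the database zone, which is the kind of gap between design and deployment the answer refers to.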